From 22b99086ce80c997243f6454f4c7ea672017c56e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 3 Nov 2013 11:58:38 +0200
Subject: [PATCH] tests: Add more EAP test cases

This increases EAP method coverage for WPA2-Enterprise to include
EAP-pwd, EAP-GPSK, EAP-SAKE, EAP-EKE, EAP-IKEv2, EAP-PAX, and EAP-PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
---
 tests/hwsim/auth_serv/eap_user.conf |  8 +++++
 tests/hwsim/example-hostapd.config  |  1 +
 tests/hwsim/test_ap_eap.py          | 50 +++++++++++++++++++++++++++--
 tests/hwsim/wpasupplicant.py        |  4 ++-
 4 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/tests/hwsim/auth_serv/eap_user.conf b/tests/hwsim/auth_serv/eap_user.conf
index 2baa278bc..c24a99634 100644
--- a/tests/hwsim/auth_serv/eap_user.conf
+++ b/tests/hwsim/auth_serv/eap_user.conf
@@ -1,3 +1,11 @@
+"pwd user"	PWD	"secret password"
+"gpsk user"	GPSK	"abcdefghijklmnop0123456789abcdef"
+"sake user"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+"eke user"	EKE	"hello"
+"ikev2 user"	IKEV2	"ike password"
+"pax.user@example.com"	PAX	0123456789abcdef0123456789abcdef
+"psk.user@example.com"	PSK	0123456789abcdef0123456789abcdef
+
 "0"*		AKA
 "1"*		SIM
 "2"*		AKA
diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config
index 224aec0d0..89dc6a883 100644
--- a/tests/hwsim/example-hostapd.config
+++ b/tests/hwsim/example-hostapd.config
@@ -33,6 +33,7 @@ CONFIG_EAP_UNAUTH_TLS=y
 ifeq ($(CONFIG_TLS), openssl)
 CONFIG_EAP_PWD=y
 endif
+CONFIG_EAP_EKE=y
 CONFIG_PKCS12=y
 CONFIG_RADIUS_SERVER=y
 CONFIG_IPV6=y
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index d3c32d059..58a3abc44 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -17,12 +17,12 @@ import hostapd
 
 def eap_connect(dev, method, identity, anonymous_identity=None, password=None,
                 phase1=None, phase2=None, ca_cert=None,
-                domain_suffix_match=None):
+                domain_suffix_match=None, password_hex=None):
     dev.connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap=method,
                 identity=identity, anonymous_identity=anonymous_identity,
                 password=password, phase1=phase1, phase2=phase2,
                 ca_cert=ca_cert, domain_suffix_match=domain_suffix_match,
-                wait_connect=False, scan_freq="2412")
+                wait_connect=False, scan_freq="2412", password_hex=password_hex)
     ev = dev.wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=10)
     if ev is None:
         raise Exception("Association and EAP start timed out")
@@ -257,3 +257,49 @@ def test_ap_wpa2_eap_tls_neg_suffix_match(dev, apdev):
     ev = dev[0].wait_event(["CTRL-EVENT-SSID-TEMP-DISABLED"], timeout=10)
     if ev is None:
         raise Exception("Network block disabling not reported")
+
+def test_ap_wpa2_eap_pwd(dev, apdev):
+    """WPA2-Enterprise connection using EAP-pwd"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "PWD", "pwd user", password="secret password")
+
+def test_ap_wpa2_eap_gpsk(dev, apdev):
+    """WPA2-Enterprise connection using EAP-GPSK"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "GPSK", "gpsk user",
+                password="abcdefghijklmnop0123456789abcdef")
+
+def test_ap_wpa2_eap_sake(dev, apdev):
+    """WPA2-Enterprise connection using EAP-SAKE"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "SAKE", "sake user",
+                password_hex="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")
+
+def test_ap_wpa2_eap_eke(dev, apdev):
+    """WPA2-Enterprise connection using EAP-EKE"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "EKE", "eke user", password="hello")
+
+def test_ap_wpa2_eap_ikev2(dev, apdev):
+    """WPA2-Enterprise connection using EAP-IKEv2"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "IKEV2", "ikev2 user", password="ike password")
+
+def test_ap_wpa2_eap_pax(dev, apdev):
+    """WPA2-Enterprise connection using EAP-PAX"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "PAX", "pax.user@example.com",
+                password_hex="0123456789abcdef0123456789abcdef")
+
+def test_ap_wpa2_eap_psk(dev, apdev):
+    """WPA2-Enterprise connection using EAP-PSK"""
+    params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+    hostapd.add_ap(apdev[0]['ifname'], params)
+    eap_connect(dev[0], "PSK", "psk.user@example.com",
+                password_hex="0123456789abcdef0123456789abcdef")
diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py
index bb4e569a1..af38a15bb 100644
--- a/tests/hwsim/wpasupplicant.py
+++ b/tests/hwsim/wpasupplicant.py
@@ -510,7 +510,7 @@ class WpaSupplicant:
                 ieee80211w=None, pairwise=None, group=None, scan_freq=None,
                 eap=None, identity=None, anonymous_identity=None,
                 password=None, phase1=None, phase2=None, ca_cert=None,
-                domain_suffix_match=None,
+                domain_suffix_match=None, password_hex=None,
                 wait_connect=True):
         logger.info("Connect STA " + self.ifname + " to AP")
         id = self.add_network()
@@ -540,6 +540,8 @@ class WpaSupplicant:
                                     anonymous_identity)
         if password:
             self.set_network_quoted(id, "password", password)
+        if password_hex:
+            self.set_network(id, "password", password_hex)
         if ca_cert:
             self.set_network_quoted(id, "ca_cert", ca_cert)
         if phase1: